Cisco Support Community
Community Member

network access restriction on site to site VPN.

Hi All,

I have created a site-to-site VPN between Site A and Site B.

I want to restrict one IP address at Site A from communicating with a Site B IP address. How can I do it on the site-to-site VPN? I know I can restrict it at the interface level on Site A, but for some reason I cannot apply it on Site A. I want to apply this restriction on Site B. Is there any solution for that? Your help will be appreciated.

Community Member

Re: network access restriction on site to site VPN.

I got the solution. Thanks

access-list 103 extended deny tcp host host eq 80

!--- Access list 103 is created for the VPN Filter.

!--- This access list 103 filters/denies the request from the remote host(

!--- to the local WEB Server (

access-list 103 extended permit ip any any

group-policy filter internal

group-policy filter attributes

vpn-filter value 103

!--- Create the group policy (filter) and specify the access list number

!--- in the vpn filter command.

tunnel-group general-attributes

default-group-policy filter

!--- Associate the group policy (filter) with the tunnel group.
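
An added example, not part of the original post and not Cisco tooling: the filter in the reply only takes effect when the whole chain holds (the ACL exists, the group policy's `vpn-filter` names it, and the tunnel group uses that group policy), so this Python check walks that chain in a saved configuration. The function name `audit_vpn_filters`, the sample addresses and the tunnel-group names are assumptions, and the parser assumes sub-commands are indented by a space as in `show running-config` output.

```python
# Constructed sample: RFC 5737 documentation addresses; the tunnel-group names
# (peer IPs) are placeholders and do not come from the thread.
SAMPLE_CONFIG = """\
access-list 103 extended deny tcp host 192.0.2.10 host 198.51.100.20 eq 80
access-list 103 extended permit ip any any
group-policy filter internal
group-policy filter attributes
 vpn-filter value 103
tunnel-group 203.0.113.1 type ipsec-l2l
tunnel-group 203.0.113.1 general-attributes
 default-group-policy filter
tunnel-group 203.0.113.2 type ipsec-l2l
"""


def audit_vpn_filters(config):
    """Map each ipsec-l2l tunnel-group to a problem string, or None if filtered."""
    acls, gp_filter, tg_policy, l2l, section = set(), {}, {}, [], None
    for line in config.splitlines():
        words = line.split()
        if not words or words[0].startswith("!"):
            continue
        if line.startswith(" "):  # sub-command of the current section
            if section and section[0] == "gp" and words[:2] == ["vpn-filter", "value"]:
                gp_filter[section[1]] = words[2]
            elif section and section[0] == "tg" and words[0] == "default-group-policy":
                tg_policy[section[1]] = words[1]
            continue
        section = None
        if words[0] == "access-list":
            acls.add(words[1])
        elif words[0] == "group-policy" and words[2:] == ["attributes"]:
            section = ("gp", words[1])
        elif words[0] == "tunnel-group" and words[2:] == ["type", "ipsec-l2l"]:
            l2l.append(words[1])
        elif words[0] == "tunnel-group" and words[2:] == ["general-attributes"]:
            section = ("tg", words[1])
    report = {}
    for tg in l2l:
        policy = tg_policy.get(tg, "DfltGrpPolicy")  # ASA's built-in default policy
        acl = gp_filter.get(policy)
        if acl is None:
            report[tg] = f"group-policy {policy} has no vpn-filter"
        elif acl not in acls:
            report[tg] = f"vpn-filter ACL {acl} is not defined"
        else:
            report[tg] = None
    return report
```

In the sample, the second tunnel group has no `default-group-policy`, so it falls back to `DfltGrpPolicy` and is reported as unfiltered.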
